use ammonia::{Builder, UrlRelative};
use diesel::{
    self,
    deserialize::Queryable,
    serialize::{self, Output},
    sql_types::Text,
    types::ToSql,
};
use serde::{self, de::Visitor, Deserialize, Deserializer, Serialize, Serializer};
use std::{
    borrow::{Borrow, Cow},
    fmt::{self, Display},
    io::Write,
    ops::Deref,
};

lazy_static! {
    static ref CLEAN: Builder<'static> = {
        let mut b = Builder::new();
        b.add_generic_attributes(&["id", "dir"])
            .add_tags(&["iframe", "video", "audio", "label", "input"])
            .id_prefix(Some("postcontent-"))
            .url_relative(UrlRelative::Custom(Box::new(url_add_prefix)))
            .add_tag_attributes(
                "iframe",
                ["width", "height", "src", "frameborder"].iter().cloned(),
            )
            .add_tag_attributes("video", ["src", "title", "controls"].iter())
            .add_tag_attributes("audio", ["src", "title", "controls"].iter())
            .add_tag_attributes("label", ["for"].iter())
            .add_tag_attributes("input", ["type", "checked"].iter())
            .add_allowed_classes("input", ["cw-checkbox"].iter())
            .add_allowed_classes(
                "span",
                [
                    "cw-container",
                    "cw-text",
                    //Scope classes for the syntax highlighting.
                    "attribute-name",
                    "comment",
                    "constant",
                    "control",
                    "declaration",
                    "entity",
                    "function",
                    "invalid",
                    "keyword",
                    "language",
                    "modifier",
                    "name",
                    "numeric",
                    "operator",
                    "parameter",
                    "punctuation",
                    "source",
                    "storage",
                    "string",
                    "support",
                    "tag",
                    "type",
                    "variable",
                ]
                .iter(),
            )
            // Related to https://github.com/Plume-org/Plume/issues/637
            .add_allowed_classes("sup", ["footnote-reference", "footnote-definition-label"].iter())
            .add_allowed_classes("div", ["footnote-definition"].iter())
            .attribute_filter(|elem, att, val| match (elem, att) {
                ("input", "type") => Some("checkbox".into()),
                ("input", "checked") => Some("checked".into()),
                ("label", "for") => {
                    if val.starts_with("postcontent-cw-") {
                        Some(val.into())
                    } else {
                        None
                    }
                }
                _ => Some(val.into()),
            });
        b
    };
}

#[allow(clippy::unnecessary_wraps)]
fn url_add_prefix(url: &str) -> Option<Cow<'_, str>> {
    if url.starts_with('#') && !url.starts_with("#postcontent-") {
        //if start with an #
        let mut new_url = "#postcontent-".to_owned(); //change to valid id
        new_url.push_str(&url[1..]);
        Some(Cow::Owned(new_url))
    } else {
        Some(Cow::Borrowed(url))
    }
}

#[derive(Debug, Clone, PartialEq, Eq, AsExpression, FromSqlRow, Default)]
#[sql_type = "Text"]
pub struct SafeString {
    value: String,
}

impl SafeString {
    pub fn new(value: &str) -> Self {
        SafeString {
            value: CLEAN.clean(value).to_string(),
        }
    }

    /// Creates a new `SafeString`, but without escaping the given value.
    ///
    /// Only use when you are sure you can trust the input (when the HTML
    /// is entirely generated by Plume, not depending on user-inputed data).
    /// Prefer `SafeString::new` as much as possible.
    pub fn trusted(value: impl AsRef<str>) -> Self {
        SafeString {
            value: value.as_ref().to_string(),
        }
    }

    pub fn set(&mut self, value: &str) {
        self.value = CLEAN.clean(value).to_string();
    }
    pub fn get(&self) -> &String {
        &self.value
    }
}

impl Serialize for SafeString {
    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
    where
        S: Serializer,
    {
        serializer.serialize_str(&self.value)
    }
}

struct SafeStringVisitor;

impl<'de> Visitor<'de> for SafeStringVisitor {
    type Value = SafeString;

    fn expecting(&self, formatter: &mut fmt::Formatter<'_>) -> fmt::Result {
        formatter.write_str("a string")
    }

    fn visit_str<E>(self, value: &str) -> Result<SafeString, E>
    where
        E: serde::de::Error,
    {
        Ok(SafeString::new(value))
    }
}

impl<'de> Deserialize<'de> for SafeString {
    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
    where
        D: Deserializer<'de>,
    {
        deserializer.deserialize_string(SafeStringVisitor)
    }
}

#[cfg(all(feature = "postgres", not(feature = "sqlite")))]
impl Queryable<Text, diesel::pg::Pg> for SafeString {
    type Row = String;
    fn build(value: Self::Row) -> Self {
        SafeString::new(&value)
    }
}

#[cfg(all(feature = "sqlite", not(feature = "postgres")))]
impl Queryable<Text, diesel::sqlite::Sqlite> for SafeString {
    type Row = String;
    fn build(value: Self::Row) -> Self {
        SafeString::new(&value)
    }
}

impl<DB> ToSql<diesel::sql_types::Text, DB> for SafeString
where
    DB: diesel::backend::Backend,
    str: ToSql<diesel::sql_types::Text, DB>,
{
    fn to_sql<W: Write>(&self, out: &mut Output<'_, W, DB>) -> serialize::Result {
        str::to_sql(&self.value, out)
    }
}

impl Borrow<str> for SafeString {
    fn borrow(&self) -> &str {
        &self.value
    }
}

impl Display for SafeString {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{}", self.value)
    }
}

impl Deref for SafeString {
    type Target = str;
    fn deref(&self) -> &str {
        &self.value
    }
}

impl AsRef<str> for SafeString {
    fn as_ref(&self) -> &str {
        &self.value
    }
}

use rocket::http::RawStr;
use rocket::request::FromFormValue;

impl<'v> FromFormValue<'v> for SafeString {
    type Error = &'v RawStr;

    fn from_form_value(form_value: &'v RawStr) -> Result<SafeString, &'v RawStr> {
        let val = String::from_form_value(form_value)?;
        Ok(SafeString::new(&val))
    }
}
